The Wikimedia Foundation taps $2.5M from Craig Newmark to beef up its security

Last week, users around the world found Wikipedia down after the online, crowdsourced encyclopedia became the target of a massive, sustained DDoS attack — one that it is still actively fighting several days later (even though the site is now back up). Now, in a coincidental twist of timing, Wikipedia’s parent, the Wikimedia Foundation, is announcing a donation aimed at helping the group better cope with situations just like this: Craig Newmark Philanthropies, a charity funded by the Craigslist founder, is giving $2.5 million to Wikimedia to help it improve its security.

The gift would have been in the works before the security breach last week, and it underscores a persistent paradox. The non-profit is considered to be one of the 10 most popular sites on the web, with people from some 1 billion different devices accessing it each month, with upwards of 18 billion visits in that period (the latter figure is from 2016 so likely now higher). Wikipedia is used as a reference point by millions every day to get the facts on everything from Apple to Zynga, mushrooms and Myanmar history, and as a wiki, it was built from the start for interactivity.

But in this day and age when anything is game for malicious hackers, it’s an easy target, sitting out in the open and generally lacking in the kinds of funds that private companies and other for-profit entities have to protect themselves from security breaches. Alongside networks of volunteers who put in free time to contribute security work to Wikimedia, the organization only had two people on its security staff two years ago — one of them part-time.

That has been getting fixed, very gradually, by John Bennett, the Wikimedia Foundation’s Director of Security, who joined the organization in January 2018. He told TechCrunch in an interview that he’s been working on a more centralised and coherent system, bringing on more staff to help build tools to combat nefarious activity both on the site and on Wikimedia’s systems and, crucially, to put policies in place to help prevent breaches in the future.

“We’ve lived in this bubble of ‘no one is out to get us,’” he said of the general goodwill that surrounds not-for-profit, public organizations like the Wikimedia Foundation. “But we’re definitely seeing that change. We have skilled and determined attackers wishing to do harm to us. So we’re very grateful for this gift to bolster our efforts.

“We weren’t a sitting duck before the breach last week, with a lot of security capabilities built up. But this gift will help improve our posture and build upon what we started and have been building these last two years.”

The security team collaborates with other parts of the organization to handle some of the more pointed issues. He notes that Wikimedia uses a lot of machine learning that has been developed to monitor pages for vandalism, and an anti-harassment team also works alongside them. (Newmark’s contribution today, in fact, is not the first donation he’s made to the organization. In the past he has donated around $2 million towards various projects including the Community Health Initiative, the anti-harassment program; and the more general Wikimedia Endowment).

The security breach that caused the DDoS is currently being responded to by the site reliability engineering team, who are still engaged and monitoring the situation, and Bennett declined to comment more on that.